If confirmed, DHS nominee to continue with cybersecurity initiatives

If confirmed, Jeh Johnson, the former high-ranking Pentagon official nominated Friday to head the Department of Homeland Security, is not expected to bring much change to the Obama administration's cybersecurity initiatives.

President Barack Obama chose Johnson in part because of his managerial experience as general counsel of the Department of Defense, where he managed 10,000 military and civilian lawyers all over the world with a staff of 100. Johnson will need Senate confirmation to start his new job.

The ability to manage a sprawling bureaucracy is certainly a requirement for DHS secretary. The agency, formed in the wake of the 9/11 terrorist attack in New York, has 10s of thousands of employees and comprises more than a dozen agencies, from the Secret Service and Immigration and Customs Enforcement (ICE) to the Federal Emergency Management Agency.

"Since the organizational challenges at DHS are exceeded only by the challenges of running DOD, Johnson's on-the-job training at DOD will serve him well."

Johnson's high-profile accomplishments as chief lawyer for the Pentagon during the first term of the Obama administration included his legal authority over all drone strikes and his advocacy for allowing gays to serve openly in the military.

Because the administration has already set cybersecurity policy, Johnson is expected to leave the execution to others.

"He'll certainly appreciate the importance of cybersecurity as an issue, but I think it's too soon to say that he'll take a different approach," Baker said.

"DHS's challenges there are much more about execution than about policy, so I wouldn't expect a great change."

Obama issued an executive order in February that put into play those cybersecurity initiatives that do not need congressional approval. Key elements of the order included a Cybersecurity Framework for setting standards to mitigate risks and having government agencies share cyberattack information with the private sector.

Regulations that would make private sector participation mandatory would have to come from Congress, which is considering several proposals. The DHS plays an important role in advising lawmakers on the administration's positions.

Like his predecessor Janet Napolitano, Johnson is expected to make national cybersecurity a top priority at DHS. Napolitano resigned in September to lead the University of California system.

"Cyber will be among one of his top agenda items, no doubt," James Forest, director of the Graduate Program in Security Studies at the University of Massachusetts, Lowell, said.

"Since he's reportedly smart and politically savvy, I would bet he'll surround himself with a bunch of very smart people to tackle these issues."

Critics denounce Johnson for his role in the Obama administration's use of drones in the nation's war on terrorism. As Pentagon general counsel, Johnson said the attacks were legal because the terrorists killed were legitimate targets in a military conflict.

Johnson has said that a time will come when enough Al Qaeda leaders are killed or captured to neutralize the terrorist organization.

"That is delusional because the drone strikes are manufacturing terrorists faster than it is killing them," Peter Ludlow, a professor at Northwestern University who has written extensively on national security issues, said.

Republicans have already gone on the offensive against Johnson, saying he lacks the experience to oversee the three immigration services under the DHS, which include the two enforcement agencies, ICE and Customs and Border Protection, and Citizenship and Immigration Services.

"After this administration's mismanagement of DHS, in particular its failure to secure the border, Texans expect a nominee with serious management and law enforcement experience," Sen. John Cornyn, the second-ranking Republican in the Senate, told The Washington Times.

"Rather than selecting someone who knows the unique dynamics of our Southern border, President Obama has tapped one of his former New York fundraisers. We need someone who knows how to secure the border, not dial for dollars."

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.